DSA-2024-302: Dell PowerVault Security Update for ME5 Storage

Summary: Dell PowerVault ME5 Storage remediation is available ME5 firmware vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Third-party Component
 		 CVEs More Information
python-cryptography CVE-2023-50782 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libexpat CVE-2023-52425 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-0215, CVE-2023-48795 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
python-cryptography CVE-2020-25659 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
CPython zipfile CVE-2024-0450 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-50782, CVE-2023-52425, CVE-2023-0215, CVE-2023-48795, CVE-2020-25659, CVE-2024-0450 PV ME50xx Versions prior to ME5.1.2.1.1 Version ME5.1.2.1.1 or later Download
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-50782, CVE-2023-52425, CVE-2023-0215, CVE-2023-48795, CVE-2020-25659, CVE-2024-0450 PV ME50xx Versions prior to ME5.1.2.1.1 Version ME5.1.2.1.1 or later Download

Revision History

RevisionDateDescription
1.02024-07-03Initial Release
2.02024-07-05Added CVE-2024-0450 and CVE-2020-25659
3.02024-11-05Updated Revision and Download Link

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerVault ME5012, PowerVault ME5024, PowerVault ME5084
Article Properties
Article Number: 000226627
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.